RSA Conference Blog
The latest news and info from RSA Conference
2015 RSA Conference
Generic
en-US
Tue, 31 Mar 2015 04:44:59 EDT

Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It
Mon, 30 Mar 2015 12:00:00 EDT
Technology is neutral and non-moral. It’s the implementers and users who define its use. In Future Crimes: Everything Is Connected, Everyone Is Vulnerable and What We Can Do About It (http://www.amazon.com/gp/product/0385539002/ref=as_li_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=0385539002&linkCode=as2&tag=benrothkswebp-20&linkId=XGKZMFI6347LVIQO), author Marc Goodman spends nearly 400 pages describing the dark side of technology, and those who use it for nefarious purposes. He provides a fascinating overview of how every major technology can be used to benefit society, and how it can also be exploited by those on the other side. Technology breeds crime and in the book, Goodman uses Crime, Inc. as a metaphor for the many entities and organizations that…
http://www.rsaconference.com/blogs/future-crimes-everything-is-connected-everyone-is-vulnerable-and-what-we-can-do-about-it
Guidelines for Mobile Computing Security
Mon, 15 Dec 2014 12:00:00 EST
Mobility is clearly the future of computing. Smartphones and tablets are more powerful and bring-your-own device is an accepted reality. This raises major security issues, as mobile computing can be readily compromised at the device, network and wireless connectivity levels. The mobile device itself—whether a portable computer, personal digital assistant, laptop, smartphone, tablet computer, or a wearable computer—can be damaged, lost, or stolen. Mobile communications elements, properties, protocols, data formats, and technologies can be targeted and result in lost or damaged data. …
http://www.rsaconference.com/blogs/guidelines-for-mobile-computing-security
The Bright Future of Mobile Payments
Fri, 07 Nov 2014 12:00:00 EST
Cashless payment for goods and services continues to evolve, and mobile payments are quickly becoming the battleground for new products and technologies that drive consumer and merchant convenience. Such payments ensure rapid payment for credit issuers and other constituents in the transaction chain. Some of these technologies are still evolving and represent truly revolutionary approaches, while others are more evolutionary and rely on applying existing technologies that found new life as part of the e-commerce world. One example of the latter is near-field communications (NFC). If you're…
http://www.rsaconference.com/blogs/the-bright-future-of-mobile-payments
News Pick: TUAW Explains Apple Pay
Wed, 08 Oct 2014 12:00:00 EDT
If you are at all interested in Apple Pay and how it works, make sure to check out the thorough writeup examining the security behind the technology by Yoni Heisler over at The Unofficial Apple Weblog (http://www.tuaw.com/2014/10/02/apple-pay-an-in-depth-look-at-whats-behind-the-secure-payment/). Heisler spoke with a few individuals involved with the development of Apple Pay to understand how the mobile payment technology works and to determine whether it's secure. One takeaway from the piece is that tokenization isn't the only thing making Apple Pay more secure than other types of mobile payments. It is "just one part of the puzzle that makes Apple Pay so secure," Heisler wrote. When…
http://www.rsaconference.com/blogs/news-pick-tuaw-explains-apple-pay
The Internet of Things: The Death of General Purpose Computing?
Mon, 29 Sep 2014 12:00:00 EDT
Ever try to send a text from your laptop while you’re on the go? Theoretically you could with the right hardware and software, but why would you? Laptops aren’t meant to be that mobile or that convenient. The text message, with its 140 character limit, was the quintessential application, and for a while the only one, for cell phones. Similarly, the thought of writing a ten page document on a smart phone, while technically feasible, is a chore few could endure. In their zeal to capture as large a market as possible, smart phone and tablet developers have gone down the same road as their…
http://www.rsaconference.com/blogs/the-internet-of-things-the-death-of-general-purpose-computing
Mobile Device Management and the Ubiquity of Mobile Authentication
Tue, 02 Sep 2014 12:00:00 EDT
We all know that mobile devices are rapidly becoming an absolutely indispensable component of the online world. This makes mobile device management even more critical, regardless of who is managing the device: a large enterprise, a small business, or just you. Online banking and other sites require a mobile device in order to send a one-time password to authenticate transactions. Smartphone apps provide on-demand content, portable transaction data (such as QR codes for your airplane boarding passes), and in-app purchasing options that aren’t possible on traditional desktop and laptop…
http://www.rsaconference.com/blogs/mobile-device-management-and-the-ubiquity-of-mobile-authentication
No Easy Answer for In-App Data Security on Mobile Devices
Thu, 07 Aug 2014 12:00:00 EDT
The proliferation of mobile devices—smartphones, tablets, convertibles, and more—is leading to a fundamental shift in how technology is used both for individuals and businesses. It's also leading to major problems for ensuring mobile security, especially inside of apps. App data is managed through Internet-connected, platform-specific programs for mobile devices, delivered through trusted app repositories. This model has tremendous advantages for consistency and mobility, but it also presents unique problems, many of which are not well communicated by device manufacturers, mobile OS…
http://www.rsaconference.com/blogs/no-easy-answer-for-in-app-data-security-on-mobile-devices
Mobile Payments and Devices Under Attack
Mon, 21 Jul 2014 12:00:00 EDT
A number of annual security reports released in the first half of 2014 address the threat to mobile devices and capabilities, including mobile payments and banking. If you are an Android user, you will find it interesting that these reports estimated 98 to 99 percent of all mobile malware created in 2013 targeted Android devices (see, for example, the Cisco 2014 Annual Security Report, https://www.cisco.com/web/offer/gist_ty2_asset/Cisco_2014_ASR.pdf, and the Kaspersky Security Bulletin 2013, https://www.securelist.com/en/analysis/204792320/Kaspersky_SecurityBulletin_2013_Forecasts). Where Are Risks the Greatest? The report from Kaspersky Lab highlights (http://www.securelist.com/en/analysis/204792318/Kaspersky_Security_Bulletin_2013_Overall_statistics_for_2013) how mobile malware became more sophisticated in 2013, with "mobile Trojans which could check on the…
http://www.rsaconference.com/blogs/mobile-payments-and-devices-under-attack
The Challenge of Mobile Forensics
Mon, 14 Jul 2014 12:00:00 EDT
At RSA Conference 2014 in San Francisco, Andrew Hoog and the viaForensics, Inc., team presented "Mobile Analysis Kung Fu, Santoku Style" (http://www.rsaconference.com/events/us14/agenda/sessions/939/mobile-analysis-kung-fu-santoku-style). A highly informative presentation, Andrew and a viaForensics engineer, Sebastian Selma, gave a thorough overview of the mobile device security black art of forensics. While the practice of data forensics is difficult enough on a desktop or laptop computer, mobile devices make forensics a much more difficult task for several reasons: Form Factor: Mobile devices tend to hold the kind of data that is needed for, say, court discovery, in multiple locations, …
http://www.rsaconference.com/blogs/the-challenge-of-mobile-forensics
A Tale of Two Cultures: Cool or Vigilant. Can the Security Industry Have Both?
Fri, 06 Jun 2014 12:00:00 EDT
We live in an age when a company’s “cool corporate culture” can actually come to influence them as a brand. Multi-billion dollar company Google offers an open, startup-like culture (http://www.google.com/about/company/facts/culture/) with an office layout that encourages spontaneous interactions. Earlier this year, the media was abuzz (http://www.forbes.com/sites/stevedenning/2014/01/15/making-sense-of-zappos-and-holacracy/) with the news that popular online shoe and clothing shop Zappos would transform itself from a traditional organizational structure to a Holacracy. By the end of 2014, Zappos plans to be a self-governing organization where things like job titles and managers do not exist. Are these cultures just a fad? Are they worth…
http://www.rsaconference.com/blogs/a-tale-of-two-cultures-cool-or-vigilant-can-the-security-industry-have-both
Mobile Devices, Cyber Attacks, and the New Frontier
Mon, 26 May 2014 12:00:00 EDT
As the unrelenting game of attackers versus defenders continues in the world of information security, mobile cyber attacks are becoming a more desirable attack vector for hackers, criminal organizations, and nation-states to gain access to data. The past few years have started to see long-term, concerted campaigns targeting mobile devices, most notably the Red October malware that targeted multiple mobile platforms and dedicated hardware such as router, switch, and firewall operating systems. More recently, we also have the revelation of the NSA's alleged DROPOUT JEEP malware campaign to…
http://www.rsaconference.com/blogs/mobile-devices-cyber-attacks-and-the-new-frontier
Enterprise IT Virtualization Makes Security a Harsh Reality
Thu, 15 May 2014 12:00:00 EDT
Enterprise IT virtualization is a multi-syllable way of saying "software in the cloud," and companies are finding that its benefits are real—but so are its challenges. The same selling points that attract users—budget savings, the convenience of working from anywhere, and the elimination of software service updates and incompatibilities—also create headaches for IT help desks and CIOs. The difficulties often get less attention than the convenience of working remotely, which makes it harder to manage and secure the roaming workforce. The result is a kind of chicken-and-egg conundrum: Do you…
http://www.rsaconference.com/blogs/enterprise-it-virtualization-makes-security-a-harsh-reality
Modern Challenges of Mobile Forensics
Wed, 14 May 2014 12:00:00 EDT
As the world of technology continues to move toward mobile devices, these devices are becoming rich targets for malware, bad actors, and even government agencies seeking to increase the scope of their surveillance capability. Of course, there's a lot that an enterprise can do to secure their mobile devices properly. However, the reality of today's threat landscape is such that organizations will likely need to conduct mobile forensics when—not if—the mobile devices of their users are compromised, or if detailed activity information is required to determine how a device was used in an…
http://www.rsaconference.com/blogs/modern-challenges-of-mobile-forensics
Secure Global Open Source Calling and Message Tools
Tue, 25 Mar 2014 12:00:00 EDT
Risk versus reward? Open source versus packaged? Security or flexibility? All of these decisions matter deeply when considering personal safety for international travelers. Because today's cell phones send a signal beacon that identifies your location, network, and movement, companies are turning to more secure open source applications to protect phone conversations and hide the email trail in places from police, other official organizations, or phone companies. Any risk assessment has to examine the real likelihood of a catastrophe and how to reduce the chances of that worst case scenario. …
http://www.rsaconference.com/blogs/secure-global-open-source-calling-and-message-tools
New Legislation Addresses Mobile App Privacy in California
Thu, 27 Feb 2014 12:00:00 EST
The healthcare field is beginning to hop onto the bandwagon of mobile computing. Mobile computing is spreading to healthcare in a number of ways. The first use case is in diagnostics, in which a doctor or nurse could use a device to monitor health metrics, such as vital signs (whether at hospital stays or simply during a routine check-up), glucose levels for diabetics, sleep data, caloric or nutritional intake and more. Using a mobile device allows the data to be delivered faster, and may even allow doctors to provide patients with real time test results, sparing them the hassle and expense…
http://www.rsaconference.com/blogs/new-legislation-addresses-mobile-app-privacy-in-california
Hacking Exposed Mobile: Security Secrets & Solutions
Mon, 26 Aug 2013 12:00:00 EDT
Little did anyone know that when the first Hacking Exposed (http://www.amazon.com/s/?_encoding=UTF8&camp=1789&creative=390957&field-keywords=hacking%20exposed&linkCode=ur2&sprefix=hacking%20expose%2Caps%2C168&tag=benrothkswebp-20&url=search-alias%3Dstripbooks) books came out over 15 years ago, it would launch a set of sequels on topics from Windows, Linux, web development, to virtualization and cloud computing, and much more. It was a series that launched a generation of script kiddies, in addition to security experts. In 2013, the newest edition is Hacking Exposed Mobile Security Secrets & Solutions (http://www.amazon.com/gp/product/0071817018/ref=as_li_ss_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=0071817018&linkCode=as2&tag=benrothkswebp-20). In this edition, authors Neil Bergman, Mike Stanfield, Jason Rouse & Joel Scambray provide an extremely detailed overview of the security and privacy issues around mobile devices. The authors…
http://www.rsaconference.com/blogs/hacking-exposed-mobile-security-secrets-solutions
Hacking Exposed Mobile Security Secrets and Solutions
Mon, 05 Aug 2013 12:00:00 EDT
Little did anyone know that when the first Hacking Exposed book came out over 15 years ago, it would launch a large set of sequels. In 2013, the newest version is Hacking Exposed Mobile Security Secrets & Solutions (http://www.amazon.com/gp/product/0071817018/ref=as_li_ss_tl?ie=UTF8&camp=1789&creative=390957&creativeASIN=0071817018&linkCode=as2&tag=benrothkswebp-20). When the first edition of Hacking Exposed was published, Windows was dominant. In 2013, Windows is a dying operating system and mobile is the new king. In the book, the authors detail the risks of mobile computing, and more importantly, show the needed countermeasures to deal with the many risks and vulnerabilities. For those organizations that have mobile devices (which is…
http://www.rsaconference.com/blogs/hacking-exposed-mobile-security-secrets-and-solutions
Update on BYOD and Mobile Device Management Book
Sat, 22 Jun 2013 12:00:00 EDT
Last month (http://365.rsaconference.com/blogs/ediscovery/2013/05/17/legal-issues-in-managing-mobile-devices-in-the-enterprise), I wrote about the Mobile Transformation, the consumerization of information technology, and managing mobile devices in the enterprise. I gave a sneak preview of my upcoming book on managing mobile devices in the enterprise. I just finished reviewing the page proofs for the book. Accordingly, the book is on track for the publisher, the American Bar Association Section of Science & Technology Law (http://www.americanbar.org/groups/science_technology.html), to have the book on sale in time for the ABA's Annual Meeting the first whole week of August. The book's focus is on managing an enterprise mobile device program. For instance, it covers risk…
http://www.rsaconference.com/blogs/update-on-byod-and-mobile-device-management-book
Ally's Picks - Kevin Mahaffey and Mobile Security
Mon, 17 Jun 2013 12:00:00 EDT
While driving to work recently I heard a familiar name come over the radio. The story (http://www.npr.org/blogs/alltechconsidered/2013/06/13/191226129/Will-A-Kill-Switch-Stop-Cellphones-From-Being-Stolen?live=1) from NPR was about theft of mobile devices and how prevalent it has become in recent years. They called on industry expert, and frequent RSA Conference speaker, Kevin Mahaffey for his thoughts. Kevin speaks to his company's (Lookout, Inc., https://www.lookout.com/) attempts to build a safe way to remotely disable mobile devices after they're stolen. For more of Kevin, watch the video (http://www.rsaconference.com/videos/63/mobile-and-the-connected-world) of his session on the interconnectivity of everything around us from RSA Conference earlier this year, or view Kevin's webcast (http://www.youtube.com/watch?feature=player_embedded&v=Ljc-KR1zzxQ) for RSA Conference on what…
http://www.rsaconference.com/blogs/allys-picks-kevin-mahaffey-and-mobile-security
Bring Your Own Device (BYOD) for Control Systems?
Thu, 06 Jun 2013 12:00:00 EDT
I just finished attending Interop Las Vegas where I gave a talk entitled “BYOD Security and Privacy.” In walking the show floor and attending a variety of sessions, there was little doubt that Bring Your Own Device (BYOD) is a hot topic that cybersecurity professionals are struggling to get their arms around. The challenge is further magnified by the fact that this trend is less one of technology than one of culture for organizations. Executives, often with little stated business benefit, are demanding to use their cool-looking tablets in the corporate environment. Ordinary users complain of…
http://www.rsaconference.com/blogs/bring-your-own-device-byod-for-control-systems
Legal Issues in Managing Mobile Devices in the Enterprise
Fri, 17 May 2013 12:00:00 EDT
This month, I completed a book on the legal issues involved with managing mobile devices in the enterprise. The publisher will be the American Bar Association Section of Science & Technology Law (http://www.americanbar.org/groups/science_technology.html). I served as Chair of the Section from 2010 to 2011. I expect the Section to publish the book in time for the American Bar Association Annual Meeting in August in San Francisco. But the purpose of this article is to give you a sneak preview of what the book is going to say. The first question to answer is why a book on mobile devices. The answer is simple. The country and world are undergoing a “mobile…
http://www.rsaconference.com/blogs/legal-issues-in-managing-mobile-devices-in-the-enterprise